R1족보
! R1: addresses three interfaces, advertises their networks with RIP, and
! filters traffic forwarded out fa0/0 with extended ACL 100.
en
conf t
! Serial link; R2's se2/0 (192.168.0.2) sits on the same 192.168.0.0/24 subnet.
int se2/0
ip addr 192.168.0.1 255.255.255.0
! NOTE(review): clock rate only matters on the DCE end of a serial link, yet
! both the R1 and R2 listings set it - confirm which side holds the DCE cable.
clock rate 56000
no sh
exit
! LAN 192.168.10.0/24; the protected server 192.168.10.1 is on this segment.
int fa0/0
ip addr 192.168.10.254 255.255.255.0
no sh
exit
! LAN 192.168.100.0/24.
int fa1/0
ip addr 192.168.100.254 255.255.255.0
no sh
exit
! RIP for the three directly connected networks. No RIP version or
! authentication is configured in this listing, so any device on these
! segments can feed routes to R1; acceptable in a lab only.
router rip
network 192.168.0.0
network 192.168.10.0
network 192.168.100.0
exit
! ACL 100 is evaluated top-down and the first matching entry decides.
! Ports: TCP 80 (HTTP), TCP 21 (FTP control), TCP/UDP 53 (DNS).
! NOTE(review): "eq 21" matches only the FTP control channel; FTP data
! connections use other ports and are not matched by any permit here.
! 1) Allow 192.168.20.0/24 to reach the server on those ports.
access-list 100 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.1 eq 80
access-list 100 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.1 eq 21
access-list 100 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.1 eq 53
access-list 100 permit udp 192.168.20.0 0.0.0.255 host 192.168.10.1 eq 53
! 2) Block the single host 192.168.30.10. These denies must stay above the
!    192.168.30.0/24 permits below, otherwise the subnet permit matches first.
access-list 100 deny tcp host 192.168.30.10 host 192.168.10.1 eq 80
access-list 100 deny tcp host 192.168.30.10 host 192.168.10.1 eq 21
access-list 100 deny tcp host 192.168.30.10 host 192.168.10.1 eq 53
access-list 100 deny udp host 192.168.30.10 host 192.168.10.1 eq 53
! 3) Allow the rest of 192.168.30.0/24.
access-list 100 permit tcp 192.168.30.0 0.0.0.255 host 192.168.10.1 eq 80
access-list 100 permit tcp 192.168.30.0 0.0.0.255 host 192.168.10.1 eq 21
access-list 100 permit tcp 192.168.30.0 0.0.0.255 host 192.168.10.1 eq 53
access-list 100 permit udp 192.168.30.0 0.0.0.255 host 192.168.10.1 eq 53
! NOTE(review): ACL 100 has no trailing permit, so the implicit "deny ip any any"
! drops everything else forwarded out fa0/0: traffic from 192.168.100.0/24,
! traffic to any host other than 192.168.10.1, and replies returning to
! 192.168.10.0/24 clients. ACL 101 on R2 ends with "permit ip any any";
! confirm whether the difference is intended.
! Apply ACL 100 to packets the router forwards out fa0/0 (toward 192.168.10.0/24).
int fa0/0
ip access-group 100 out
exit
R2족보
! R2: addresses three interfaces, advertises their networks with RIP, and
! filters traffic forwarded out fa0/0 with extended ACL 101.
en
conf t
! Serial link; R1's se2/0 (192.168.0.1) sits on the same 192.168.0.0/24 subnet.
int se2/0
ip addr 192.168.0.2 255.255.255.0
! NOTE(review): clock rate only matters on the DCE end of a serial link, yet
! both the R1 and R2 listings set it - confirm which side holds the DCE cable.
clock rate 56000
no sh
exit
! LAN 192.168.30.0/24; the protected server 192.168.30.30 is on this segment.
int fa0/0
ip addr 192.168.30.254 255.255.255.0
no sh
exit
! LAN 192.168.20.0/24.
int fa1/0
ip addr 192.168.20.254 255.255.255.0
no sh
exit
! RIP for the three directly connected networks. No RIP version or
! authentication is configured in this listing, so any device on these
! segments can feed routes to R2; acceptable in a lab only.
router rip
network 192.168.0.0
network 192.168.20.0
network 192.168.30.0
exit
! ACL 101 is evaluated top-down and the first matching entry decides.
! Ports: TCP 80 (HTTP), TCP 21 (FTP control), TCP/UDP 53 (DNS).
! 1) Allow 192.168.10.0/24 to reach the server on those ports.
access-list 101 permit tcp 192.168.10.0 0.0.0.255 host 192.168.30.30 eq 80
access-list 101 permit tcp 192.168.10.0 0.0.0.255 host 192.168.30.30 eq 21
access-list 101 permit tcp 192.168.10.0 0.0.0.255 host 192.168.30.30 eq 53
access-list 101 permit udp 192.168.10.0 0.0.0.255 host 192.168.30.30 eq 53
! 2) Block the single host 192.168.100.10. These denies must stay above the
!    192.168.100.0/24 permits below, otherwise the subnet permit matches first.
access-list 101 deny tcp host 192.168.100.10 host 192.168.30.30 eq 80
access-list 101 deny tcp host 192.168.100.10 host 192.168.30.30 eq 21
access-list 101 deny tcp host 192.168.100.10 host 192.168.30.30 eq 53
access-list 101 deny udp host 192.168.100.10 host 192.168.30.30 eq 53
! 3) Allow the rest of 192.168.100.0/24.
access-list 101 permit tcp 192.168.100.0 0.0.0.255 host 192.168.30.30 eq 80
access-list 101 permit tcp 192.168.100.0 0.0.0.255 host 192.168.30.30 eq 21
access-list 101 permit tcp 192.168.100.0 0.0.0.255 host 192.168.30.30 eq 53
access-list 101 permit udp 192.168.100.0 0.0.0.255 host 192.168.30.30 eq 53
! Catch-all permit: replaces the implicit deny, so ACL 101 works as a blocklist.
! Only the four deny entries above change the outcome; every other port on
! 192.168.30.30 and every other host on 192.168.30.0/24 stays reachable from
! any source. The R1 listing (ACL 100) has no such line.
access-list 101 permit ip any any
! Apply ACL 101 to packets the router forwards out fa0/0 (toward 192.168.30.0/24).
int fa0/0
ip access-group 101 out
exit
★주의
처음에 세팅할 때 무지 고생했다
제대로 한 것 같은데 자꾸 실패했었다
문제1) DNS 개방
문제2) 그룹 in
해결1)
! DNS entries (TCP and UDP port 53) for ACL 100 on R1, in the same order as the
! full listing: permit 192.168.20.0/24, deny host 192.168.30.10, then permit the
! rest of 192.168.30.0/24. Entered on a router that already holds ACL 100, these
! lines are appended to the end of the list; the port-53 deny still precedes the
! port-53 subnet permit, so first-match order is preserved.
access-list 100 permit tcp 192.168.20.0 0.0.0.255 host 192.168.10.1 eq 53
access-list 100 permit udp 192.168.20.0 0.0.0.255 host 192.168.10.1 eq 53
access-list 100 deny tcp host 192.168.30.10 host 192.168.10.1 eq 53
access-list 100 deny udp host 192.168.30.10 host 192.168.10.1 eq 53
access-list 100 permit tcp 192.168.30.0 0.0.0.255 host 192.168.10.1 eq 53
access-list 100 permit udp 192.168.30.0 0.0.0.255 host 192.168.10.1 eq 53
위 DNS(53번 포트) 항목들을 ACL 100에 추가
해결2)
! This is the binding the author took out: ACL 100 applied inbound on the
! serial interface. Entering these lines as-is applies the ACL; to remove it,
! use "no ip access-group 100 in" under the same interface.
int se2/0
ip access-group 100 in
exit
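위 설정(se2/0에 ACL 100을 in 방향으로 적용한 것)을 제거
R2 쪽에도 마찬가지로 ACL 101에 같은 항목을 추가하고 in 방향 적용을 제거해 주었더니 모두 정상적으로 작동하였다
in은 필요 없고, 통틀어 나가는 out 쪽만 있어도 된다는 것이었다. ACL 100에는 RIP(UDP 520)를 허용하는 항목이 없고 끝에 암묵적 deny가 있으므로, se2/0에 in으로 걸면 R2가 보내는 RIP 업데이트와 그 밖의 트래픽까지 함께 막혔던 것으로 보인다.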
트러블 슈팅 완료~~~~~~~~(2시간 소요)